Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/80c387-b20b-430a-a5e6-6e3074c6c663/1/emSvs4QRj-sN-b-8X2DIKgG_GrU.roa
File:                     emSvs4QRj-sN-b-8X2DIKgG_GrU.roa (raw, json)
Hash identifier:          cNV1Rb0HYwVa0/dFgx6OqEXgMxtczg2pxUhRRGMUxfE=
Subject key identifier:   7A:64:AF:B3:84:11:8F:EB:0D:F9:BF:BC:5F:60:C8:2A:01:BF:1A:B5
Certificate issuer:       /CN=4722aea0ef4c0667db819f5d5a3daea6399f038c
Certificate serial:       018CC4923B272DEFC3F38110F5A19C5BC83D
Authority key identifier: 47:22:AE:A0:EF:4C:06:67:DB:81:9F:5D:5A:3D:AE:A6:39:9F:03:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RyKuoO9MBmfbgZ9dWj2upjmfA4w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/80c387-b20b-430a-a5e6-6e3074c6c663/1/emSvs4QRj-sN-b-8X2DIKgG_GrU.roa
Signing time:             Mon 01 Jan 2024 10:29:26 +0000
ROA not before:           Mon 01 Jan 2024 10:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47343
IP address blocks:        2a07:c281::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/80c387-b20b-430a-a5e6-6e3074c6c663/1/RyKuoO9MBmfbgZ9dWj2upjmfA4w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/80c387-b20b-430a-a5e6-6e3074c6c663/1/RyKuoO9MBmfbgZ9dWj2upjmfA4w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RyKuoO9MBmfbgZ9dWj2upjmfA4w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 01:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:3b:27:2d:ef:c3:f3:81:10:f5:a1:9c:5b:c8:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4722aea0ef4c0667db819f5d5a3daea6399f038c
        Validity
            Not Before: Jan  1 10:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7a64afb384118feb0df9bfbc5f60c82a01bf1ab5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:6a:c4:91:30:4a:85:19:8b:6d:4d:ef:a1:77:
                    69:9c:73:8e:ce:79:ce:f7:0c:e8:04:e8:e9:a1:b3:
                    51:cf:d4:84:1f:64:17:5a:53:c2:2a:a3:92:13:c5:
                    3b:08:26:ae:4b:7e:9c:bf:bc:20:38:ef:5b:d1:2c:
                    dd:59:c8:c3:b2:b6:c5:8c:b4:82:ca:2b:b4:9e:f9:
                    27:e6:1c:0b:80:24:ea:fb:3d:88:8f:71:d1:56:15:
                    1d:2a:49:52:18:da:d7:0a:f1:be:68:69:23:fc:a9:
                    12:5b:1c:88:12:21:a4:80:c4:c3:37:9f:37:6a:7a:
                    bf:80:3e:48:ac:82:36:63:1c:ed:d7:81:fd:03:b2:
                    7c:97:e6:b7:37:5e:84:a3:f6:19:c7:70:77:05:6c:
                    42:4b:03:fc:b5:3b:4d:67:46:b1:e8:f3:57:5a:6b:
                    09:a7:5f:96:4a:1d:c8:42:5f:7a:02:ad:44:24:3b:
                    56:2f:a8:43:11:18:e1:70:72:02:fd:71:31:86:33:
                    8d:05:49:22:8a:03:9e:ea:96:8f:10:f8:f9:c3:1e:
                    1e:ce:70:c5:b4:6c:4e:14:5d:77:d3:58:4c:0b:0c:
                    27:52:ec:a6:59:eb:f8:97:14:13:f7:45:ba:5e:7b:
                    04:df:56:07:89:a9:cd:b2:09:4d:2e:ee:e1:8f:43:
                    6b:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:64:AF:B3:84:11:8F:EB:0D:F9:BF:BC:5F:60:C8:2A:01:BF:1A:B5
            X509v3 Authority Key Identifier:
                keyid:47:22:AE:A0:EF:4C:06:67:DB:81:9F:5D:5A:3D:AE:A6:39:9F:03:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RyKuoO9MBmfbgZ9dWj2upjmfA4w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/80c387-b20b-430a-a5e6-6e3074c6c663/1/emSvs4QRj-sN-b-8X2DIKgG_GrU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/80c387-b20b-430a-a5e6-6e3074c6c663/1/RyKuoO9MBmfbgZ9dWj2upjmfA4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:c281::/32

    Signature Algorithm: sha256WithRSAEncryption
         14:7f:e0:41:30:85:57:e4:c0:3b:c7:57:0f:5a:15:37:90:41:
         7a:f3:6b:9e:97:2f:dc:79:fe:94:b1:9d:fc:6b:40:5f:20:6a:
         23:b7:20:c5:3e:29:97:6d:7f:f4:32:ce:24:96:3b:4e:29:ca:
         a9:b4:84:77:4c:c1:40:1a:91:e4:8d:40:24:52:94:ef:a8:ba:
         07:c0:37:df:d2:62:d1:96:2e:41:37:1f:7f:a2:cc:26:7f:80:
         e0:c3:c3:b8:fa:44:c9:fd:ad:31:07:42:4a:53:58:91:84:c5:
         f8:be:87:ce:5d:18:57:57:ee:a7:18:c5:cc:35:d9:47:57:cf:
         aa:5e:17:5d:0c:b3:97:1c:a2:22:ec:10:61:a5:34:6e:8c:8a:
         3e:38:c2:36:a2:9f:b0:e5:97:46:8e:b6:84:33:0c:22:29:93:
         57:c4:05:75:c8:b2:12:54:eb:b4:8b:e9:9a:cf:98:28:64:47:
         e5:c7:c0:f6:e9:f8:c8:db:8b:38:f5:e8:5f:b4:8e:fb:7a:79:
         0b:36:f6:74:4c:6e:2a:dc:54:5c:c8:c5:d7:59:f7:75:9e:d0:
         ed:b5:dd:e7:09:c6:f3:d3:b8:51:85:b0:3f:0e:63:b2:c2:56:
         c6:68:2e:59:1d:a3:00:04:ba:ec:3a:f1:16:3a:55:ec:36:c6:
         85:a7:db:c7
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzEkjsnLe/D84EQ9aGcW8g9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3MjJhZWEwZWY0YzA2NjdkYjgxOWY1ZDVhM2RhZWE2Mzk5
ZjAzOGMwHhcNMjQwMTAxMTAyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTY0YWZiMzg0MTE4ZmViMGRmOWJmYmM1ZjYwYzgyYTAxYmYxYWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi2rEkTBKhRmLbU3voXdpnHOOznnO
9wzoBOjpobNRz9SEH2QXWlPCKqOSE8U7CCauS36cv7wgOO9b0SzdWcjDsrbFjLSC
yiu0nvkn5hwLgCTq+z2Ij3HRVhUdKklSGNrXCvG+aGkj/KkSWxyIEiGkgMTDN583
anq/gD5IrII2Yxzt14H9A7J8l+a3N16Eo/YZx3B3BWxCSwP8tTtNZ0ax6PNXWmsJ
p1+WSh3IQl96Aq1EJDtWL6hDERjhcHIC/XExhjONBUkiigOe6paPEPj5wx4eznDF
tGxOFF1301hMCwwnUuymWev4lxQT90W6XnsE31YHianNsglNLu7hj0NrHQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFHpkr7OEEY/rDfm/vF9gyCoBvxq1MB8GA1UdIwQY
MBaAFEcirqDvTAZn24GfXVo9rqY5nwOMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnlLdW9POU1CbWZiZ1o5ZFdqMnVwam1mQTR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi84MGMzODctYjIwYi00MzBhLWE1ZTYt
NmUzMDc0YzZjNjYzLzEvZW1TdnM0UVJqLXNOLWItOFgyRElLZ0dfR3JVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi84MGMzODctYjIwYi00MzBhLWE1ZTYtNmUzMDc0YzZjNjYz
LzEvUnlLdW9POU1CbWZiZ1o5ZFdqMnVwam1mQTR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgfCgTAN
BgkqhkiG9w0BAQsFAAOCAQEAFH/gQTCFV+TAO8dXD1oVN5BBevNrnpcv3Hn+lLGd
/GtAXyBqI7cgxT4pl21/9DLOJJY7TinKqbSEd0zBQBqR5I1AJFKU76i6B8A339Ji
0ZYuQTcff6LMJn+A4MPDuPpEyf2tMQdCSlNYkYTF+L6Hzl0YV1fupxjFzDXZR1fP
ql4XXQyzlxyiIuwQYaU0boyKPjjCNqKfsOWXRo62hDMMIimTV8QFdciyElTrtIvp
ms+YKGRH5cfA9un4yNuLOPXoX7SO+3p5Czb2dExuKtxUXMjF11n3dZ7Q7bXd5wnG
89O4UYWwPw5jssJWxmguWR2jAAS67DrxFjpV7DbGhafbxw==
-----END CERTIFICATE-----